Skip to content

Commit 5ff4eb8

Browse files
docs(validate-pr): Drop version-tag references in favor of SHA pinning
Consumers in getsentry/* pin this action by commit SHA, not by @v* tags or major-version moving tags. Update the README example and the "updating earlier revisions" section to reflect that. Drop the "Breaking changes" framing in the changelog — the action has not shipped in a tagged release, so calling it a breaking change overstates the impact. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
1 parent 271bb7a commit 5ff4eb8

2 files changed

Lines changed: 9 additions & 12 deletions

File tree

CHANGELOG.md

Lines changed: 1 addition & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -2,12 +2,9 @@
22

33
## Unreleased
44

5-
### Breaking changes
6-
7-
- Validate PR - Major v4 release: action is now advisory. PRs are no longer closed, and no labels are applied. Instead, a single friendly comment is posted on community PRs that don't reference an issue with maintainer discussion. The `was-closed` output has been removed. Recommended trigger is now `types: [opened]` (drop `reopened`). Pin to `@v3` to keep the previous closing behavior.
8-
95
### Features
106

7+
- Validate PR - Action is advisory: it posts a single friendly comment on community PRs that don't reference an issue with maintainer discussion. PRs are not closed and no labels are applied. Recommended trigger is `types: [opened]`.
118
- Validate PR - Skip validation for PRs with fewer than 100 lines changed, excluding common lock files (`Cargo.lock`, `yarn.lock`, `package-lock.json`, `Pipfile.lock`, etc.). Tiny PRs no longer go through the issue-discussion loop.
129
- Add validate-pr composite action for validating non-maintainer PRs against contribution guidelines ([#153](https://github.com/getsentry/github-workflows/pull/153))
1310

validate-pr/README.md

Lines changed: 8 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -25,13 +25,13 @@ jobs:
2525
permissions:
2626
pull-requests: write
2727
steps:
28-
- uses: getsentry/github-workflows/validate-pr@v4
28+
- uses: getsentry/github-workflows/validate-pr@<sha>
2929
with:
3030
app-id: ${{ vars.SDK_MAINTAINER_BOT_APP_ID }}
3131
private-key: ${{ secrets.SDK_MAINTAINER_BOT_PRIVATE_KEY }}
3232
```
3333
34-
The `pull-requests: write` permission is needed because the action posts comments on the PR.
34+
Pin to a specific commit SHA (consumers in `getsentry/*` already follow this convention). The `pull-requests: write` permission is needed because the action posts comments on the PR.
3535

3636
## Inputs
3737

@@ -83,14 +83,14 @@ The PR is considered compliant if **any** referenced issue passes all of:
8383

8484
If no referenced issue passes, the action posts one advisory comment. The PR remains open and reviewable; no labels or status checks are applied. The comment is idempotent — workflow re-runs on the same PR will not produce duplicates.
8585

86-
## Migrating from v3
86+
## Updating from earlier revisions
8787

88-
v3 closed non-compliant PRs and applied labels (`violating-contribution-guidelines`, `missing-issue-reference`, `missing-maintainer-discussion`, `issue-already-assigned`). v4 does neither — it only posts a comment.
88+
Earlier revisions of this action closed non-compliant PRs and applied labels (`violating-contribution-guidelines`, `missing-issue-reference`, `missing-maintainer-discussion`, `issue-already-assigned`). The current version does neither — it only posts a comment.
8989

90-
To upgrade, update your workflow:
90+
To update an existing consumer:
9191

92-
- Change `getsentry/github-workflows/validate-pr@v3` → `@v4`
93-
- Change `types: [opened, reopened]` → `types: [opened]`
94-
- Remove any code that reads the `was-closed` output (it no longer exists)
92+
- Bump the pinned commit SHA to the latest on `main`.
93+
- Change `types: [opened, reopened]` → `types: [opened]`.
94+
- Remove any code that reads the `was-closed` output (it no longer exists).
9595

9696
Existing labels on old PRs are not removed automatically. Clean them up with a one-off script if desired.

0 commit comments

Comments
 (0)